EEVblog #539 - RFID Tag Repair

[nitro2k01]

Dave does an impromptu teardown and repairs his 125KHz RFID lab access card.
And finds a use for his DSO Quad oscilloscope.

[84GKSIG]

Well now I want one of those hand held oscilloscopes to play with, have always been put off by them cause most look like re-purposed mp3 players. never actually seen one in operation either, if it can give a frequency read out, may not be as useless as I initially thought. hmmm..

Those RFID tags could be made a lot stronger but looks like they go for the bare minimum to make the thing cheap and function.

[nitro2k01]

Oh lookie. We have ourselves some PSK. (See picture.)

That's a nice tag reader you've got there. It would be a shame if something hap... No.

That's a nice tag reader you've got there. It would be a shame if you never did a teardown of it.

[EEVblog]

Well now I want one of those hand held oscilloscopes to play with, have always been put off by them cause most look like re-purposed mp3 players

They are!

never actually seen one in operation either

And trust me, you don't want to. The UI is horrible.

[alm]

Well now I want one of those hand held oscilloscopes to play with, have always been put off by them cause most look like re-purposed mp3 players. never actually seen one in operation either, if it can give a frequency read out, may not be as useless as I initially thought. hmmm..

Both Dave and Mike did a review of one. This should give you a fair impression of the UI . Note that Dave only used it to show the presence of a signal. He could probably as well have used a DMM with frequency function.

[nitro2k01]

And trust me, you don't want to. The UI is horrible.

How bad is DSO Nano, actually? The QDSO is crap, as both you and Mike pointed out, but the DSO Nano is supposedly (said with Dave's critical voice) more upmarket. Maybe time for a review, even you loathe pocket DSOs?

[Quai]

I did a tear-down of the RFID-card used on public transportation in the town that I live;

It's a 13.56 MHz based MIFARE[1] card, two sided (very) flexible PCB with a much shorter antenna coil. You can see the tiny chip in the top left corner, and I think the two squares in the middle of the left side is the cap Dave has in his DaveCAD drawing.

1. http://en.wikipedia.org/wiki/MIFARE

[84GKSIG]

Far out, can't help but wonder now how many variations of these things there are?? I think we need more pictures. 

[Fezder]

almost started considering those hand-held 'scopes, but came to senses after giving small thought, need to save money for proper multimeter and digital scope....damm student budget argh!

and, nice video, always wondered how those ''smart cards'' work!

[dentaku]

That turned out to be very interesting and educational.

[mcinque]

it is very curious that Mythbusters were banned about investigation on RFID (expecially vulnerabilities, security and so on) from major credit cards providers, just Google "rfid mythbusters banned" to know more.

Maybe you, Dave, could do the investigation and be our Jamie+Adam!

[firehopper]

it is very curious that Mythbusters were banned about investigation on RFID (expecially vulnerabilities, security and so on) from major credit cards providers, just Google "rfid mythbusters banned" to know more.

Maybe you, Dave, could do the investigation and be our Jamie+Adam!

I thought he was already our jamie+adam?

[mcinque]

  You're right, I should rephrase my sentence:

"Maybe you, Dave, could do the investigation and be AGAIN our Jamie+Adam!"

[alxnik]

May I say, these things are horribly insecure.

This kind of card (I have 10 or so in my lab) has just a numeric string which is read by the reader. Of course it is totally copiable, so Dave if it opens something that is supposed to be secure, beware.

Don't confuse these cheapies with proper security cards. I am attaching an image I just took of my security card at work (which of course I tore down...), which although I have never analysed, seems to have a proper cryptographic handshake.

Also, credit cards in europe (EMV standard) are pretty secure as they are active cards (not just passive memory modules) and they do a cryptographic handshake according to public key infrastructure of mastercard/visa. The US have only lately started moving to EMV. I have no idea about Australia...

[alm]

The difference between active and passive RFID tags in the power source. Active tags have their own power source; passive tags are powered by the field from the reader. A passive RFID tag can still employ encryption. The Mifare Classic would be one (not so secure) example. Mifare Plus and DESFire would be more secure alternatives.

[FrankBuss]

There is a nice project on Kickstarter for reading and emulating 125kHz RFID cards and tags:

http://www.kickstarter.com/projects/1708444109/rfidler-a-software-defined-rfid-reader-writer-emul

Looks promising, I supported it. Probably better than expensive commercial readers, because someone can hack it until it works, which would be more fun anyway.

[alxnik]

The difference between active and passive RFID tags in the power source. Active tags have their own power source; passive tags are powered by the field from the reader. A passive RFID tag can still employ encryption. The Mifare Classic would be one (not so secure) example. Mifare Plus and DESFire would be more secure alternatives.

We might have a different view of what active and passive is.

Passive (to me) is a memory card. It employs no logic. These are the mifare. Haven't used the higher end ones, but even if you encrypt something, it doesn't matter on authentication use, in a replay attack you can just replay the encrypted data. I have used the lower end ones and I can assure you, they are copiable

Active: The contactless credit cards (and chip & pin for that matter) are not self powered but are proper processors. The reader talks to the card via a standard protocol and usually there is a challenge/response scheme where they both authenicate themselves via pki. At no point can the reader, read the actual data in the card.

[alm]

Active RFID tags and passive RFID tags are technical terms used in the industry, I'm not sure why you feel the need to come up with alternative definitions. See for example this page. Passive tags can be small (credit card or wrist strap size) and have a short range. Active tags are larger and might for example be used in logistics for vehicle identification.

A secure passive RFID tag will often contain a low-power micro doing the encryption and performing the handshake. Communication between reader and the chip within the tag is encrypted. For example, if you read the RFID tag inside many passports on a normal Mifare lite reader it will return a different (apparently random) block of data every time. Even the serial number is random. In some cases it may be possible to crack this encryption (the Mifare Classic encryption has been cracked), but it's certainly not trivial to copy or crack by replay attacks. That only applies to the Mifare Lite tags which don't employ any encryption and are only intended for low security applications.

[EEVblog]

And trust me, you don't want to. The UI is horrible.

How bad is DSO Nano, actually? The QDSO is crap, as both you and Mike pointed out, but the DSO Nano is supposedly (said with Dave's critical voice) more upmarket.

It's pretty bad. Not as bad as the other one we reveiwed I suspect, but not great. At least that's my first impression. The UI is awful. There is replacement firmware from someone that is supposed to fix hat, but haven't tried it.

[alxnik]

Active RFID tags and passive RFID tags are technical terms used in the industry, I'm not sure why you feel the need to come up with alternative definitions. See for example this page. Passive tags can be small (credit card or wrist strap size) and have a short range. Active tags are larger and might for example be used in logistics for vehicle identification.

You are a bit touchy now, aren't you? I'm trying to have a conversation not find out who has the best knowledge of the industry. I am terribly sorry sir, but coming from the software world this is how we usually define active and passive. Or alternatively intelligent or dumb if you like. I'd suggest that we drop the industry naming issue and just concentrate on the actual convertation shall we?

A secure passive RFID tag will often contain a low-power micro doing the encryption and performing the handshake. Communication between reader and the chip within the tag is encrypted. For example, if you read the RFID tag inside many passports on a normal Mifare lite reader it will return a different (apparently random) block of data every time. Even the serial number is random. In some cases it may be possible to crack this encryption (the Mifare Classic encryption has been cracked), but it's certainly not trivial to copy or crack by replay attacks. That only applies to the Mifare Lite tags which don't employ any encryption and are only intended for low security applications.

As I said, I have no experience in the higher end models of mifare. However, you don't give any crypto information about the scheme in your post. Is it pki or symmetric? If it is symmetric (DES is) then, how does the key change - let alone that (single) DES is trivially cracked with a partially known plaintext attack? What is the PRNG that seeds the process? If it is time then a time attack is in order. If it is pki, then of course it starts to become more hard to crack, but again, who manages the CA? Is it secured properly?

[alm]

I'm not intimately familiar with the DESFire tags. I believe the current version supports 3DES and AES. The key can be unique per card and can be derived from the unique ID stored on the card. Or in the case of passports the first layer of encryption is protected by the birth date and passport number, which can only be read by opening the passport and scanning it. Cards can also store multiple keys, granting different levels of access. The appnotes on this page give some more details.

I'm not going to claim these are perfectly secure (nothing is), and some have been cracked, but copying is certainly not as trivial as recording the response and replaying it.

[alxnik]

I'm not intimately familiar with the DESFire tags. I believe the current version supports 3DES and AES. The key can be unique per card and can be derived from the unique ID stored on the card. Or in the case of passports the first layer of encryption is protected by the birth date and passport number, which can only be read by opening the passport and scanning it. Cards can also store multiple keys, granting different levels of access. The appnotes on this page give some more details.

I'm not going to claim these are perfectly secure (nothing is), and some have been cracked, but copying is certainly not as trivial as recording the response and replaying it.

From the datasheet, the DESFire cards seem to work the same way as EMV as part of the same ISO standards. I have studied these and by themselves they are mostly secure, but usually the devil is in the details and the crack usually comes from the implementation. However infrastructures like these are not easy to build, and you won't find them in your run of the mill building security.

Fun fact: I was in a theoretically secure building today with a door system by HID with double doors, weight sensors and all the fancy stuff. The tags themselves were mifare ultralight readable by a smartphone, so easily copiable. Given this, and my general experience in building security systems, they are not very secure (I've seen pretty secure ones, but they are usually an exception). Hence my initial posting.

[alm]

From the datasheet, the DESFire cards seem to work the same way as EMV as part of the same ISO standards. I have studied these and by themselves they are mostly secure, but usually the devil is in the details and the crack usually comes from the implementation. However infrastructures like these are not easy to build, and you won't find them in your run of the mill building security.

No argument here. But on the other hand, the old systems don't usually have perfect security either. Physical keys are often trivial to copy, and so called high security locks may also be easy to pick with the right tools and skills. Building security partly relies on the fact that thieves have limited time, resources and skills, and on other mechanisms like cameras and other people. Very few buildings would be hard to enter for anyone determined to enter that particular building.

Fun fact: I was in a theoretically secure building today with a door system by HID with double doors, weight sensors and all the fancy stuff. The tags themselves were mifare ultralight readable by a smartphone, so easily copiable. Given this, and my general experience in building security systems, they are not very secure (I've seen pretty secure ones, but they are usually an exception). Hence my initial posting.

That sounds pretty typical for many organizations. I believe even the NXP marketing material only suggests Ultralight for disposable tickets and other low security applications, so someone was really not paying attention. At least the tags are cheap .

[EEVblog]

No argument here. But on the other hand, the old systems don't usually have perfect security either. Physical keys are often trivial to copy, and so called high security locks may also be easy to pick with the right tools and skills. Building security partly relies on the fact that thieves have limited time, resources and skills, and on other mechanisms like cameras and other people. Very few buildings would be hard to enter for anyone determined to enter that particular building.

In my building, after hours and weekends there are only two ways onto a given floor. Via the front door and lifts, both of which have RFID access. Or via the fire escape which has multiple locked doors you'd have to pick. The locks would be easier than the RFID system. Then you also have to evade the roaming security patrol.
Even during the week when the front door is open, if those lifts fail, there is no way to access the floors unless someone jams the fire doors open.

[Ferroto]

Chris Paget gave a talk at defcon 17 about RFID security flaws.